<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="zh-CN" lang="zh-CN">
<head>
	<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
	<meta name="viewport" content="width=device-width, initial-scale=1.0">
	<meta name="keywords" content="SecWiki，维基，安全，资讯，专题，导航，RSS聚合，Ｗeb安全，Ｗeb安全，移动平台，二进制安全，恶意分析，网络安全，设备安全，运维技术，编程技术，书籍推荐">
	<title>SecWiki周刊（第180期)</title>
	<link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/bootstrap.css"/>
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/styles.css" />
    <link rel="stylesheet" type="text/css" href="https://secwiki.b0.upaiyun.com/css/people.css" />
    <link rel="shortcut icon" href="https://secwiki.b0.upaiyun.com/img/favicon.ico">
	<meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <script src="//upcdn.b0.upaiyun.com/libs/jquery/jquery-1.8.3.min.js"></script>
</head>

<body>
<div class="navbar navbar-fixed-top"><div class="navbar-inner"><div class="container"><a class="btn btn-navbar" data-toggle="collapse" data-target="#yii_bootstrap_collapse_0"><span class="icon-bar"></span><span class="icon-bar"></span><span class="icon-bar"></span></a><a href="/index.php" class="brand"><img src="https://secwiki.b0.upaiyun.com/logo.jpg" alt="" /></a><div class="nav-collapse collapse" id="yii_bootstrap_collapse_0"><form class="navbar-search pull-right" action="/news/search">
         <input type="text" class="search-query span2" name="wd" placeholder="SecWiki">
        </form>
    	<ul id="yw0" class="nav"><li><a href="/index.php">首页</a></li><li><a href="/event">新闻</a></li><li><a href="/news">技术</a></li><li><a href="/skill">技能</a></li><li><a href="/topic">专题</a></li><li><a href="/book">书籍</a></li><li><a href="/user/members">成员</a></li><li><a href="/opml/index">聚合</a></li><li><a href="/tougao/create">投稿</a></li></ul></div></div></div></div>
<div class="container" id="page">
			<!-- breadcrumbs -->
	
    <div style="margin-left: 15px;">
	    <div class="row-fluid">
    <div id="content">
            <link rel="stylesheet" type="text/css" href="/css/mweekly.css"/>

<h5><strong>SecWiki周刊（第180期）</strong></h5>
<blockquote> 2017/08/07-2017/08/13</blockquote>
<section id="news">
    <div class="weeklydivide">
      <strong>安全资讯</strong>
    </div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>浅谈网络安全产品的分类<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI0MDY2MzE5NQ==&amp;mid=2247484354&amp;idx=1&amp;sn=5815e3cb6f6c15a88133f0673f822b91&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI0MDY2MzE5NQ==&amp;mid=2247484354&amp;idx=1&amp;sn=5815e3cb6f6c15a88133f0673f822b91&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>中国网络安全产业全景报告2017Q2<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI0MDY2MzE5NQ==&amp;mid=2247484424&amp;idx=1&amp;sn=d785d945308c5e6f465a1b761bb6fc3b&amp;scene=0#wechat_redirect">https://mp.weixin.qq.com/s?__biz=MzI0MDY2MzE5NQ==&amp;mid=2247484424&amp;idx=1&amp;sn=d785d945308c5e6f465a1b761bb6fc3b&amp;scene=0#wechat_redirect</a></div><div class="single"><span id="tags">[法规]&nbsp;&nbsp;</span>军工四证——武器装备科研生产单位保密资质认证<br><a target="_blank" href="http://www.toutiao.com/i6452537530297352717/">http://www.toutiao.com/i6452537530297352717/</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>2016年成都市信息安全产业发展报告<br><a target="_blank" href="https://mp.weixin.qq.com/s?src=3&amp;timestamp=1502478688&amp;ver=1&amp;signature=rqqV*ifb6Nh3rrExzbcdO25nQRek8I02-053oVEghFwQHNsSbetmD4I*yy*2mYCn8tG4ftYR83qkS9078phnWNAxZeMrVP-5YH8GL1A40t9kDzyiXGdjwgc5QYKFWEDTbI2nJGac4t5uhybUvNQAKhBh-JmFdLNPqyFOvpiUTvo=">https://mp.weixin.qq.com/s?src=3&amp;timestamp=1502478688&amp;ver=1&amp;signature=rqqV*ifb6Nh3rrExzbcdO25nQRek8I02-053oVEghFwQHNsSbetmD4I*yy*2mYCn8tG4ftYR83qkS9078phnWNAxZeMrVP-5YH8GL1A40t9kDzyiXGdjwgc5QYKFWEDTbI2nJGac4t5uhybUvNQAKhBh-JmFdLNPqyFOvpiUTvo=</a></div><div class="single"><span id="tags">[无线安全]&nbsp;&nbsp;</span>窃隐私，传明文，京东劣举挑战网安法<br><a target="_blank" href="http://www.4hou.com/info/news/7104.html">http://www.4hou.com/info/news/7104.html</a></div><div class="single"><span id="tags">[新闻]&nbsp;&nbsp;</span>DNA序列竟被编成恶意软件感染计算机<br><a target="_blank" href="http://www.aqniu.com/hack-geek/27376.html">http://www.aqniu.com/hack-geek/27376.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>连载黑客小说《杀手》第十七章 阴与阳,0与1,攻与防<br><a target="_blank" href="http://www.jianshu.com/p/288c62014476">http://www.jianshu.com/p/288c62014476</a></div></section><section id="news">
    <div class="weeklydivide">
      <strong>安全技术</strong>
    </div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>华西安全网(cha.hxsec.com)密码泄露查询接口研究<br><a target="_blank" href="http://anhkgg.github.io/hxsec-search-pwd-interface-analyze/">http://anhkgg.github.io/hxsec-search-pwd-interface-analyze/</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Metinfo 5.3.17 前台SQL注入漏洞分析 <br><a target="_blank" href="https://www.leavesongs.com/PENETRATION/metinfo-5.3.17-sql-injection.html">https://www.leavesongs.com/PENETRATION/metinfo-5.3.17-sql-injection.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>GitHub 万星推荐：黑客成长技术清单<br><a target="_blank" href="http://www.4hou.com/info/news/7061.html">http://www.4hou.com/info/news/7061.html</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>OpenDLP: 免费&amp;开源的DLP 系统<br><a target="_blank" href="https://github.com/ezarko/opendlp">https://github.com/ezarko/opendlp</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>免杀 MSF Windows Payload 的方法与实践<br><a target="_blank" href="https://mp.weixin.qq.com/s/OxgJIIPaXMXqrY5lPdukdA">https://mp.weixin.qq.com/s/OxgJIIPaXMXqrY5lPdukdA</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>ThinkPHP5.0.10-3.2.3缓存函数设计缺陷可导致Getshell<br><a target="_blank" href="https://xianzhi.aliyun.com/forum/read/1973.html">https://xianzhi.aliyun.com/forum/read/1973.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>Acunetix11 API Documentation<br><a target="_blank" href="https://h4rdy.me/index.php/archives/91/">https://h4rdy.me/index.php/archives/91/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>开源CTF平台框架合辑<br><a target="_blank" href="https://github.com/We5ter/Create_Your_CTFs">https://github.com/We5ter/Create_Your_CTFs</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Bypass 360主机卫士SQL注入防御<br><a target="_blank" href="http://www.cnblogs.com/xiaozi/p/7275134.html">http://www.cnblogs.com/xiaozi/p/7275134.html</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>域渗透神器Empire安装和简单使用<br><a target="_blank" href="http://mp.weixin.qq.com/s/VqrUTW9z-yi3LqNNy-lE-Q">http://mp.weixin.qq.com/s/VqrUTW9z-yi3LqNNy-lE-Q</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>Termite: 跳板机管理工具<br><a target="_blank" href="http://rootkiter.com/Termite/">http://rootkiter.com/Termite/</a></div><div class="single"><span id="tags">[工具]&nbsp;&nbsp;</span>Vuzzer自动漏洞挖掘工具简单分析附使用介绍<br><a target="_blank" href="http://www.freebuf.com/sectool/143123.html">http://www.freebuf.com/sectool/143123.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>UDP tunnel：绕过UDP屏蔽或QoS<br><a target="_blank" href="https://github.com/wangyu-/udp2raw-tunnel/blob/master/doc/README.zh-cn.md">https://github.com/wangyu-/udp2raw-tunnel/blob/master/doc/README.zh-cn.md</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>河马WEBSHELL扫描器1.2 发布，有UI<br><a target="_blank" href="http://blog.shellpub.com/2017/08/09/%E6%B2%B3%E9%A9%ACwebshell%E6%89%AB%E6%8F%8F%E5%99%A8v1_2.html">http://blog.shellpub.com/2017/08/09/%E6%B2%B3%E9%A9%ACwebshell%E6%89%AB%E6%8F%8F%E5%99%A8v1_2.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>玩转linux系统之Linux内网渗透<br><a target="_blank" href="https://thief.one/2017/08/09/2/">https://thief.one/2017/08/09/2/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>XSS攻击另类玩法<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25578-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25578-1-1.html?from=sec</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>通过Burp以及自定义的Sqlmap Tamper进行二次SQL注入<br><a target="_blank" href="http://www.4hou.com/system/6945.html">http://www.4hou.com/system/6945.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>内网渗透中主机发现的小技巧<br><a target="_blank" href="http://mp.weixin.qq.com/s/fg8f7ydniZiQZ87niDTwqA">http://mp.weixin.qq.com/s/fg8f7ydniZiQZ87niDTwqA</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>java角度聊聊SQL注入<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzIzMzgxOTQ5NA==&amp;mid=2247483954&amp;idx=1&amp;sn=418b7e55b16c717ee5140af990298e22&amp;chksm=e8fe9e3bdf89172d0670690060944bf2434cc2d2e8fba4477711299a0775cf3735a2022c0778#rd">https://mp.weixin.qq.com/s?__biz=MzIzMzgxOTQ5NA==&amp;mid=2247483954&amp;idx=1&amp;sn=418b7e55b16c717ee5140af990298e22&amp;chksm=e8fe9e3bdf89172d0670690060944bf2434cc2d2e8fba4477711299a0775cf3735a2022c0778#rd</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span> IoT Village 物联网安全技术PPT和视频资料<br><a target="_blank" href="https://www.iotvillage.org/#dc25_schedule">https://www.iotvillage.org/#dc25_schedule</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>windows环境下的信息收集i<br><a target="_blank" href="http://mp.weixin.qq.com/s/37xtTdjVetMg5P1WaJvYvA">http://mp.weixin.qq.com/s/37xtTdjVetMg5P1WaJvYvA</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>scan_webshell: 简单的webshell扫描<br><a target="_blank" href="https://github.com/erevus-cn/scan_webshell">https://github.com/erevus-cn/scan_webshell</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>由视频系统SQL注入到服务器权限<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25827-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25827-1-1.html?from=sec</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>NSA开发的工控ICS/SCADA态势感知开源工具Grassmarlin（附下载地址）<br><a target="_blank" href="http://www.freebuf.com/sectool/143106.html">http://www.freebuf.com/sectool/143106.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>渗透测试指南之域用户组的范围<br><a target="_blank" href="http://www.4hou.com/penetration/7016.html">http://www.4hou.com/penetration/7016.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>我是如何通过fuzz apache httpd服务发现CVE-2017-7668<br><a target="_blank" href="http://www.4hou.com/technology/6738.html">http://www.4hou.com/technology/6738.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>一句话开启http服务<br><a target="_blank" href="http://mp.weixin.qq.com/s/yT9WW5iPap1AB5hUT-jXag">http://mp.weixin.qq.com/s/yT9WW5iPap1AB5hUT-jXag</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Peach对Modbus功能码的模糊测试<br><a target="_blank" href="http://uknowsec.cn/posts/notes/Peach%E5%AF%B9Modbus%E5%8A%9F%E8%83%BD%E7%A0%81%E7%9A%84%E6%A8%A1%E7%B3%8A%E6%B5%8B%E8%AF%95.html">http://uknowsec.cn/posts/notes/Peach%E5%AF%B9Modbus%E5%8A%9F%E8%83%BD%E7%A0%81%E7%9A%84%E6%A8%A1%E7%B3%8A%E6%B5%8B%E8%AF%95.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>结合一次有趣的XSS实战<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25726-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25726-1-1.html?from=sec</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>Shellcode Via XSL, And DotNetToJScript<br><a target="_blank" href="https://gist.github.com/subTee/7c926f51181945d20594eb91e8f4064b">https://gist.github.com/subTee/7c926f51181945d20594eb91e8f4064b</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span> Python 机器学习教程  <br><a target="_blank" href="https://github.com/MorvanZhou/tutorials/blob/master/README.md?hmsr=toutiao.io&amp;utm_medium=toutiao.io&amp;utm_source=toutiao.io">https://github.com/MorvanZhou/tutorials/blob/master/README.md?hmsr=toutiao.io&amp;utm_medium=toutiao.io&amp;utm_source=toutiao.io</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>三种特征向量对深度学习攻击检测的影响<br><a target="_blank" href="http://bobao.360.cn/learning/detail/4224.html">http://bobao.360.cn/learning/detail/4224.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>看我如何从54G日志中溯源web应用攻击路径<br><a target="_blank" href="https://secvul.com/topics/715.html">https://secvul.com/topics/715.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>USB-based attacks   USB 攻击论文<br><a target="_blank" href="http://www.sciencedirect.com/science/article/pii/S0167404817301578">http://www.sciencedirect.com/science/article/pii/S0167404817301578</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>64位系统下的Office后门利用<br><a target="_blank" href="http://www.4hou.com/technology/6782.html">http://www.4hou.com/technology/6782.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Angr：一个具有动态符号执行和静态分析的二进制分析工具<br><a target="_blank" href="http://www.freebuf.com/sectool/143056.html">http://www.freebuf.com/sectool/143056.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>栈溢出利用之Return to dl-resolve<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484641&amp;idx=1&amp;sn=f2cfc0cdee49c7c03d6a40e1f6f682ec&amp;chksm=ec1e34c9db69bddfc676074d3da23a72606038902a53c00fedaaad884505dc8db444cbd7ab39#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484641&amp;idx=1&amp;sn=f2cfc0cdee49c7c03d6a40e1f6f682ec&amp;chksm=ec1e34c9db69bddfc676074d3da23a72606038902a53c00fedaaad884505dc8db444cbd7ab39#rd</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>安卓漏洞学习二<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484706&amp;idx=1&amp;sn=eb49d5f71f89fd4d2e3bec23c44c0ae6&amp;chksm=ec1e350adb69bc1c9f775bfaf997459e1cfa3beb065f553ed90fbd88220d7739487e9f7208bd#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484706&amp;idx=1&amp;sn=eb49d5f71f89fd4d2e3bec23c44c0ae6&amp;chksm=ec1e350adb69bc1c9f775bfaf997459e1cfa3beb065f553ed90fbd88220d7739487e9f7208bd#rd</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>APT28 Targets Hospitality Sector, Presents Threat to Travelers<br><a target="_blank" href="https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html">https://www.fireeye.com/blog/threat-research/2017/08/apt28-targets-hospitality-sector.html</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>从内部看NSA如何跟踪你<br><a target="_blank" href="https://media.ccc.de/v/SHA2017-402-how_the_nsa_tracks_you">https://media.ccc.de/v/SHA2017-402-how_the_nsa_tracks_you</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>看我如何基于Python&amp;Facepp打造智能监控系统<br><a target="_blank" href="http://www.freebuf.com/geek/143186.html">http://www.freebuf.com/geek/143186.html</a></div><div class="single"><span id="tags">[观点]&nbsp;&nbsp;</span>做到这一点，你也可以成为优秀的程序员<br><a target="_blank" href="https://mp.weixin.qq.com/s/8Bl105G8ZsE_jy5mbrIy_g">https://mp.weixin.qq.com/s/8Bl105G8ZsE_jy5mbrIy_g</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>记一次Github项目被fork后的删除经历<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25588-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25588-1-1.html?from=sec</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>高通加解密引擎提权漏洞解析 <br><a target="_blank" href="http://www.iceswordlab.com/2017/08/07/qualcomm-crypto-engine-vulnerabilities-exploits/">http://www.iceswordlab.com/2017/08/07/qualcomm-crypto-engine-vulnerabilities-exploits/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>FileScan: 敏感文件扫描 / 二次判断降低误报率<br><a target="_blank" href="https://github.com/Mosuan/FileScan">https://github.com/Mosuan/FileScan</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Electron hack —— 跨平台 XSS<br><a target="_blank" href="https://mp.weixin.qq.com/s/DgjJ6uKtuUPFQhgztL69RQ">https://mp.weixin.qq.com/s/DgjJ6uKtuUPFQhgztL69RQ</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Windows Exploitation Tricks: Arbitrary Directory Creation to Arbitrary File Read<br><a target="_blank" href="https://googleprojectzero.blogspot.dk/2017/08/windows-exploitation-tricks-arbitrary.html">https://googleprojectzero.blogspot.dk/2017/08/windows-exploitation-tricks-arbitrary.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>IsThisLegit+Phinn：采用了机器学习算法的开源网络钓鱼防御与检测工具<br><a target="_blank" href="http://www.freebuf.com/sectool/142955.html">http://www.freebuf.com/sectool/142955.html</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>一种劫持COM服务器并绕过微软反恶意软件扫描接口(AMSI)的方法<br><a target="_blank" href="http://www.4hou.com/technology/7018.html">http://www.4hou.com/technology/7018.html</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>《工业控制系统信息安全防护能力评估工作管理办法》解读<br><a target="_blank" href="http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057656/n3057672/c5761113/content.html">http://www.miit.gov.cn/n1146285/n1146352/n3054355/n3057656/n3057672/c5761113/content.html</a></div><div class="single"><span id="tags">[漏洞分析]&nbsp;&nbsp;</span>Solving a CTF Challenge with S2E<br><a target="_blank" href="https://adrianherrera.github.io/post/google-ctf-2016/?from=timeline">https://adrianherrera.github.io/post/google-ctf-2016/?from=timeline</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>绕过主机卫士进行注入的两种姿势<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25534-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25534-1-1.html?from=sec</a></div><div class="single"><span id="tags">[运维安全]&nbsp;&nbsp;</span>部署nginx_lua_waf记录<br><a target="_blank" href="https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484651&amp;idx=1&amp;sn=2fd58ef842d3652fc0933084fc2bf0c7&amp;chksm=ec1e34c3db69bdd5caa73a00437a844738205046d469e928f6d5acbd6c0beab66c9c8800b3bc#rd">https://mp.weixin.qq.com/s?__biz=MzI5MDQ2NjExOQ==&amp;mid=2247484651&amp;idx=1&amp;sn=2fd58ef842d3652fc0933084fc2bf0c7&amp;chksm=ec1e34c3db69bdd5caa73a00437a844738205046d469e928f6d5acbd6c0beab66c9c8800b3bc#rd</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>pychrome: A Python Package for the Google Chrome Dev Protocol<br><a target="_blank" href="https://github.com/fate0/pychrome">https://github.com/fate0/pychrome</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>利用CLR实现一种无需管理员权限的后门<br><a target="_blank" href="http://www.4hou.com/technology/6863.html">http://www.4hou.com/technology/6863.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>BetterZip For macOS 破解实战(Patch公钥、黑名单检测、签名校验、Keygen等)<br><a target="_blank" href="http://www.chinapyg.com/thread-91890-1-1.html">http://www.chinapyg.com/thread-91890-1-1.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>琢石成器之自动化去广告神器<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25681-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25681-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>All your devs are belong to us: how to backdoor the Atom editor<br><a target="_blank" href="http://blog.thinkst.com/2017/08/all-your-devs-are-belong-to-us-how-to.html">http://blog.thinkst.com/2017/08/all-your-devs-are-belong-to-us-how-to.html</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>二维码引发诈骗案到成功追回赃款-社会工程学<br><a target="_blank" href="https://bbs.ichunqiu.com/thread-25601-1-1.html?from=sec">https://bbs.ichunqiu.com/thread-25601-1-1.html?from=sec</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>关于xss的防护与绕过科普<br><a target="_blank" href="http://mp.weixin.qq.com/s/cJxDb5vWTSPzRKWlEB3GCQ">http://mp.weixin.qq.com/s/cJxDb5vWTSPzRKWlEB3GCQ</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Office高级威胁漏洞在野利用分析<br><a target="_blank" href="https://cert.360.cn/static/files/Office%E9%AB%98%E7%BA%A7%E5%A8%81%E8%83%81%E6%BC%8F%E6%B4%9E%E5%9C%A8%E9%87%8E%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90.pdf">https://cert.360.cn/static/files/Office%E9%AB%98%E7%BA%A7%E5%A8%81%E8%83%81%E6%BC%8F%E6%B4%9E%E5%9C%A8%E9%87%8E%E5%88%A9%E7%94%A8%E5%88%86%E6%9E%90.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Office 在64位操作系统的持久控制<br><a target="_blank" href="https://3gstudent.github.io/Office-Persistence-on-x64-operating-system/">https://3gstudent.github.io/Office-Persistence-on-x64-operating-system/</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>Modern Alchemy: Turning XSS into RCE<br><a target="_blank" href="https://blog.doyensec.com/2017/08/03/electron-framework-security.html">https://blog.doyensec.com/2017/08/03/electron-framework-security.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>2017上半年移动安全报告 <br><a target="_blank" href="http://blog.avlsec.com/2017/08/4817/report/">http://blog.avlsec.com/2017/08/4817/report/</a></div><div class="single"><span id="tags">[恶意分析]&nbsp;&nbsp;</span>Analysis Results of Zeus.Variant.Panda<br><a target="_blank" href="https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf">https://cyberwtf.files.wordpress.com/2017/07/panda-whitepaper.pdf</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>腾讯安全反病毒实验室：揭秘“挂马”黑产最新态势<br><a target="_blank" href="http://www.freebuf.com/articles/system/143217.html">http://www.freebuf.com/articles/system/143217.html</a></div><div class="single"><span id="tags">[移动安全]&nbsp;&nbsp;</span>解锁更多姿势——手机锁屏安全研究<br><a target="_blank" href="https://security.tencent.com/index.php/blog/msg/118">https://security.tencent.com/index.php/blog/msg/118</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>大力出奇迹：Web架构中的安全问题一例<br><a target="_blank" href="http://www.polaris-lab.com/index.php/archives/369/">http://www.polaris-lab.com/index.php/archives/369/</a></div><div class="single"><span id="tags">[编程技术]&nbsp;&nbsp;</span>Flask0.1源码阅读——请求处理和响应<br><a target="_blank" href="https://jiayi.space/post/flask0.1yuan-ma-yue-du-qing-qiu-chu-li-he-xiang-ying">https://jiayi.space/post/flask0.1yuan-ma-yue-du-qing-qiu-chu-li-he-xiang-ying</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>SSRF, Memcached and other key-value injections in the wild<br><a target="_blank" href="https://medium.com/@d0znpp/ssrf-memcached-and-other-key-value-injections-in-the-wild-c8d223bd856f">https://medium.com/@d0znpp/ssrf-memcached-and-other-key-value-injections-in-the-wild-c8d223bd856f</a></div><div class="single"><span id="tags">[设备安全]&nbsp;&nbsp;</span>Industrial Control System (ICS) security  工控系统安全相关资源<br><a target="_blank" href="https://github.com/hslatman/awesome-industrial-control-system-security">https://github.com/hslatman/awesome-industrial-control-system-security</a></div><div class="single"><span id="tags">[数据挖掘]&nbsp;&nbsp;</span>一文看尽深度学习RNN：为啥就它适合语音识别、NLP与机器翻译<br><a target="_blank" href="https://mp.weixin.qq.com/s?src=3&amp;timestamp=1502478296&amp;ver=1&amp;signature=wYB4AAcs0Nbz*6P0S22UU9pvnJi7uqjFh0SsUoleVepVWn5N3NE6XnrgiBAHiSJUL7jOIpBS9NlWOgrTCzqT5J2QFEd-vwFO3zABQ8MkTH41MJ6n7FjwfIndD-gLPvHyDEMy*3wFBAElUKgZJhz5IVm-nFmCb1GhKXZQ5CMT5c4=">https://mp.weixin.qq.com/s?src=3&amp;timestamp=1502478296&amp;ver=1&amp;signature=wYB4AAcs0Nbz*6P0S22UU9pvnJi7uqjFh0SsUoleVepVWn5N3NE6XnrgiBAHiSJUL7jOIpBS9NlWOgrTCzqT5J2QFEd-vwFO3zABQ8MkTH41MJ6n7FjwfIndD-gLPvHyDEMy*3wFBAElUKgZJhz5IVm-nFmCb1GhKXZQ5CMT5c4=</a></div><div class="single"><span id="tags">[Web安全]&nbsp;&nbsp;</span>如何通过简单的网页文件从MacOS中盗取文件？<br><a target="_blank" href="http://www.4hou.com/system/7012.html">http://www.4hou.com/system/7012.html</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>SecWiki周刊（第179期)<br><a target="_blank" href="https://www.sec-wiki.com/weekly/179">https://www.sec-wiki.com/weekly/179</a></div><div class="single"><span id="tags">[文档]&nbsp;&nbsp;</span>post-exploitation-persistence-with-application-shims-intro<br><a target="_blank" href="http://blacksunhackers.club/2016/08/post-exploitation-persistence-with-application-shims-intro/">http://blacksunhackers.club/2016/08/post-exploitation-persistence-with-application-shims-intro/</a></div><div class="single"><span id="tags">[其它]&nbsp;&nbsp;</span>mysql-插入优化Disk seeks are evil, so let’s avoid them, pt. 4<br><a target="_blank" href="https://www.percona.com/blog/2010/06/18/disk-seeks-are-evil-so-lets-avoid-them-pt-4/">https://www.percona.com/blog/2010/06/18/disk-seeks-are-evil-so-lets-avoid-them-pt-4/</a></div></section>
<section id="news">
        <pre style="margin-top: 15px; margin-bottom: 15px; padding: 6px 10px; max-width: 100%; color: rgb(62, 62, 62); background-color: rgb(255, 255, 255); -webkit-print-color-adjust: exact; border-width: 1px; border-style: solid; border-color: rgb(204, 204, 204); font-size: 13px; line-height: 19px; overflow: auto; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;"><code class="" style="max-width: 100%; -webkit-print-color-adjust: exact; border-width: initial; border-style: none; border-color: initial; background-color: transparent; border-radius: 3px; box-sizing: border-box !important; word-wrap: break-word !important;">-----微信ID：SecWiki-----
SecWiki，5年来一直专注安全技术资讯分析！
SecWiki：https://www.sec-wiki.com</code></pre>
    <p style="max-width: 100%; min-height: 1em; color: rgb(62, 62, 62); font-size: 16px; white-space: normal; background-color: rgb(255, 255, 255); box-sizing: border-box !important; word-wrap: break-word !important;"><span style="max-width: 100%; font-size: 14px; box-sizing: border-box !important; word-wrap: break-word !important;">本期原文地址:<span style="max-width: 100%; font-family: Helvetica, arial, sans-serif; box-sizing: border-box !important; word-wrap: break-word !important;">&nbsp;<a href="https://www.sec-wiki.com/weekly/180">SecWiki周刊(第180期)</a></span><br style="max-width: 100%; box-sizing: border-box !important; word-wrap: break-word !important;"></span></p>
</section>
    </div><!-- content -->
</div>
    </div>
</div>

<div id="footer" class="footer">
		<div class="container"  style="margin-top: 5px;">
			<div class="span3">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">最新公告</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='http://www.sec-wiki.com/about/donate'>2016-01-01 打赏功能开通</a><br>
						<a href='http://www.sec-wiki.com/about/join'>2015-01-05 如何加入SecWiki</a><br>
						<a href='http://www.sec-wiki.com/about/submit'>2014-08-08 如何快捷提交资讯</a><br>
						<a href='http://www.sec-wiki.com/about/index'>2012-07-01 关于SecWiki</a><br>
				</div>
			</div>

			<div class="span5">
				<div class="one-third column">
					<h5 class="title">
						<a target="_blank" href="/nav/index">友情链接</a>						<span class="line"></span>
					</h5>
					<p>
						<a href='https://www.secsilo.com/'>安全沙漏</a>&nbsp;
						<a href='http://www.freebuf.com/'>Freebuf</a>&nbsp;
						<a href='http://www.anquanquan.info/'>安全圈</a>&nbsp;
						<a href='http://navisec.it/'>Navisec</a>&nbsp;
                        <a href='http://das.scusec.org'>小黑屋</a>&nbsp;
                        <a href='http://www.polaris-lab.com/'>勾陈Lab</a>
                        <br>
						<a href='http://www.ijiandao.com'>网络尖刀</a>&nbsp;
                        <a href='http://www.shellpub.com/'>ShellPub</a>&nbsp;
                        <a href='http://www.secpulse.com/?secwiki'>SecPulse</a>&nbsp;
                        <a href='https://www.secquan.org/'>圈子</a>
                        <a href='http://bluereader.org/'>深蓝阅读</a>&nbsp;<br>
                        <a href='http://www.bugbank.cn/'>漏洞银行</a>
                        <a href='http://bobao.360.cn/'>安全客</a>
                        <a href='http://www.secfree.com/'>指尖安全</a>
                        <a href='https://www.easyaq.com/'>E安全</a>
                        <a href='http://www.vipread.com/'>安全slide</a>

                        <a href="/link">更多</a>
					</p>
				</div>
			</div>

			<div class="span2">
			    <div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/index">SecWiki公众号</a>						<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/weixin.jpg">
					</div>
				</div>
			</div>

			<div class="span2">
				<div class="one-third column">
					<h5 class="title">
					<a target="_blank" href="/about/donate">安全学术圈</a>					<span class="line"></span>
					</h5>
					<div style="margin-top:15px; width: 90px; height: 90px;">
						<img src="https://secwiki.b0.upaiyun.com/secquan.jpg">
					</div>
				</div>
			</div>

		</div>
		<div class="container" style="margin-top:5px;margin-bottom: 10px;">
			<div class="span9">
					Copyright &copy;
					2019                    琼ICP备16003361号-4
                    SecWiki
					<a href="/news/rss">
						<img src="/img/rss.gif" border="0" width="36px" height="14px" alt="订阅SecWiki">
					</a>
					<a href="https://www.upyun.com/">
						<img src="https://secwiki.b0.upaiyun.com/upyun.png" width="80" border="0" alt="UPYUN">
					</a>
					<a href="http://www.vultr.com/?ref=6885244">
						<img src="https://secwiki.b0.upaiyun.com/vultr.png" width="100" border="0" alt="vultr">
					</a>&nbsp;&nbsp;
			</div>
		</div>
</div><!-- footer -->
<div id="csswithjs">
        <script type="text/javascript">
            var _bdhmProtocol = (("https:" == document.location.protocol) ? " https://" : " http://");
            document.write(unescape("%3Cscript src='" + _bdhmProtocol + "hm.baidu.com/h.js%3Fbad84ea1f314383f8da7949aad5c2199' type='text/javascript'%3E%3C/script%3E"));
    </script>
</div>
<script type="text/javascript" src="https://secwiki.b0.upaiyun.com/js/bs.min.js"></script>
<script type="text/javascript">
/*<![CDATA[*/
jQuery(function($) {
jQuery('[data-toggle=popover]').popover();
jQuery('body').tooltip({"selector":"[data-toggle=tooltip]"});
jQuery('#yii_bootstrap_collapse_0').collapse({'parent':false,'toggle':false});
});
/*]]>*/
</script>
</body>
<!-- page -->
</html>
